Json Yaml Overpermissive Ssm Wildcard Actions
Description
Detects AWS CloudFormation templates containing IAM policies that grant overly permissive access to AWS Systems Manager (SSM). Policies with wildcard actions (*) on SSM resources represent a security risk by potentially allowing unrestricted access to sensitive system management functions.
Detection Strategy
• Scans CloudFormation template files for IAM policy resources
• Identifies policy statements that include SSM-related permissions
• Reports a vulnerability when wildcards (*) are used to grant full access to SSM actions
• Examines both resource-level and action-level permissions in the IAM policies
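The strategy above, as an added example that is not Fluid Attacks' own checker: a small Python routine that walks an already-parsed CloudFormation template and reports IAM statements granting wildcard access to SSM, distinguishing action-level wildcards (`*` or `ssm:*`) from resource-level ones (an `ssm:` action paired with `Resource: '*'`). It assumes the template has been loaded into Python dicts by a CloudFormation-aware YAML loader, that intrinsic functions appear as `Fn::Sub`/`Ref` dicts, and the set of IAM resource types it inspects is my choice; the sample template is constructed for the example.

```python
"""Added example: flag IAM statements in a CloudFormation template that grant
wildcard access to AWS Systems Manager (SSM). Not the page's own tooling."""

# Resource types whose Properties carry a PolicyDocument directly (assumed set).
POLICY_TYPES = {"AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}
# Resource types that may carry inline policies under Properties.Policies (assumed set).
INLINE_POLICY_TYPES = {"AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group"}


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_resource(resource):
    """Only a bare '*' counts as unscoped; Fn::Sub / Ref ARNs are treated as scoped."""
    return isinstance(resource, str) and resource.strip() == "*"


def _touches_ssm(action):
    a = action.lower()
    return a == "*" or a.startswith("ssm:")


def _is_action_wildcard(action):
    a = action.lower()
    return a in ("*", "ssm:*")


def _policy_documents(resource):
    """Yield every PolicyDocument attached to one CloudFormation resource."""
    rtype = resource.get("Type")
    props = resource.get("Properties", {})
    if rtype in POLICY_TYPES and "PolicyDocument" in props:
        yield props["PolicyDocument"]
    if rtype in INLINE_POLICY_TYPES:
        for policy in props.get("Policies", []):
            if "PolicyDocument" in policy:
                yield policy["PolicyDocument"]


def find_ssm_wildcards(template):
    """Return (logical_id, statement_index, kind) for each offending statement.

    kind is 'action-wildcard' when Action is '*' or 'ssm:*', and
    'resource-wildcard' when an ssm: action is paired with Resource '*'.
    A missing Effect is treated as Allow (conservative choice for a scanner).
    """
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        for doc in _policy_documents(resource):
            for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
                if stmt.get("Effect", "Allow") != "Allow":
                    continue
                actions = [a for a in _as_list(stmt.get("Action")) if isinstance(a, str)]
                ssm_actions = [a for a in actions if _touches_ssm(a)]
                if not ssm_actions:
                    continue
                if any(_is_action_wildcard(a) for a in ssm_actions):
                    findings.append((logical_id, idx, "action-wildcard"))
                elif any(_is_wildcard_resource(r) for r in _as_list(stmt.get("Resource"))):
                    findings.append((logical_id, idx, "resource-wildcard"))
    return findings


# Constructed sample template (not the page's own examples): one action-level
# wildcard, one resource-level wildcard, and one properly scoped policy.
SAMPLE_TEMPLATE = {
    "Parameters": {"AllowedSSMPath": {"Type": "String", "Default": "/app/prod/*"}},
    "Resources": {
        "VulnerablePolicy": {
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": "VulnerablePolicy",
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}],
                },
            },
        },
        "BroadResourceRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "Policies": [{
                    "PolicyName": "ReadParams",
                    "PolicyDocument": {"Statement": [
                        {"Effect": "Allow", "Action": ["ssm:GetParameter"], "Resource": "*"}]},
                }],
            },
        },
        "ScopedPolicy": {
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {"PolicyDocument": {"Statement": [{
                "Effect": "Allow",
                "Action": ["ssm:GetParameter", "ssm:GetParametersByPath"],
                "Resource": {"Fn::Sub":
                    "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${AllowedSSMPath}"},
            }]}},
        },
    },
}

if __name__ == "__main__":
    for logical_id, stmt_idx, kind in find_ssm_wildcards(SAMPLE_TEMPLATE):
        print(f"{logical_id}: statement #{stmt_idx} -> {kind}")
```

Running it reports `VulnerablePolicy` (action wildcard) and `BroadResourceRole` (resource wildcard) and stays silent on `ScopedPolicy`, whose ARN is narrowed to the parameter path, which is the shape the secure example below relies on.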
Vulnerable code example
Resources:
  MyPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: VulnerablePolicy
      PolicyDocument:
        Version: '2012-10-17'
        Statement: ...
✅ Secure code example
Parameters:
  AllowedSSMPath:
    Type: String
    Default: /app/prod/*
    Description: SSM Parameter path that can be accessed
Resources:
  MyPolicy: ...